diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-12-25 15:04:52 -0500 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-12-25 15:04:52 -0500 |
| commit | cad8ae268c5009c989b765021404ff8c86df1d8b (patch) | |
| tree | 701630292bc8f0dd698487d7b95ef262fca834b4 /tests/test_x509_revokedcertbuilder.py | |
| parent | ef5f9fc339a7137f5a9761f8c27a08c554c27b1c (diff) | |
| parent | c33ffd7527a4ce77010425fedfbeed27856c8aa8 (diff) | |
| download | cryptography-cad8ae268c5009c989b765021404ff8c86df1d8b.tar.gz cryptography-cad8ae268c5009c989b765021404ff8c86df1d8b.tar.bz2 cryptography-cad8ae268c5009c989b765021404ff8c86df1d8b.zip | |
Merge pull request #2571 from reaperhulk/revokedcertificatebuilder
RevokedCertificateBuilder
Diffstat (limited to 'tests/test_x509_revokedcertbuilder.py')
| -rw-r--r-- | tests/test_x509_revokedcertbuilder.py | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/tests/test_x509_revokedcertbuilder.py b/tests/test_x509_revokedcertbuilder.py new file mode 100644 index 00000000..9f79387b --- /dev/null +++ b/tests/test_x509_revokedcertbuilder.py @@ -0,0 +1,80 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import datetime + +import pytest + +from cryptography import x509 +from cryptography.hazmat.backends.interfaces import X509Backend + + +class TestRevokedCertificateBuilder(object): + def test_serial_number_must_be_integer(self): + with pytest.raises(TypeError): + x509.RevokedCertificateBuilder().serial_number("notanx509name") + + def test_serial_number_must_be_non_negative(self): + with pytest.raises(ValueError): + x509.RevokedCertificateBuilder().serial_number(-1) + + def test_serial_number_must_be_less_than_160_bits_long(self): + with pytest.raises(ValueError): + # 2 raised to the 160th power is actually 161 bits + x509.RevokedCertificateBuilder().serial_number(2 ** 160) + + def test_set_serial_number_twice(self): + builder = x509.RevokedCertificateBuilder().serial_number(3) + with pytest.raises(ValueError): + builder.serial_number(4) + + def test_revocation_date_invalid(self): + with pytest.raises(TypeError): + x509.RevokedCertificateBuilder().revocation_date("notadatetime") + + def test_revocation_date_before_unix_epoch(self): + with pytest.raises(ValueError): + x509.RevokedCertificateBuilder().revocation_date( + datetime.datetime(1960, 8, 10) + ) + + def test_set_revocation_date_twice(self): + builder = x509.RevokedCertificateBuilder().revocation_date( + datetime.datetime(2002, 1, 1, 12, 1) + ) + with pytest.raises(ValueError): + builder.revocation_date(datetime.datetime(2002, 1, 1, 12, 1)) + + @pytest.mark.requires_backend_interface(interface=X509Backend) + def test_no_serial_number(self, backend): + builder = x509.RevokedCertificateBuilder().revocation_date( + datetime.datetime(2002, 1, 1, 12, 1) + ) + + with pytest.raises(ValueError): + builder.build(backend) + + @pytest.mark.requires_backend_interface(interface=X509Backend) + def test_no_revocation_date(self, backend): + builder = x509.RevokedCertificateBuilder().serial_number(3) + + with pytest.raises(ValueError): + builder.build(backend) + + @pytest.mark.requires_backend_interface(interface=X509Backend) + def test_create_revoked(self, backend): + serial_number = 333 + revocation_date = datetime.datetime(2002, 1, 1, 12, 1) + builder = x509.RevokedCertificateBuilder().serial_number( + serial_number + ).revocation_date( + revocation_date + ) + + revoked_certificate = builder.build(backend) + assert revoked_certificate.serial_number == serial_number + assert revoked_certificate.revocation_date == revocation_date + assert len(revoked_certificate.extensions) == 0 |